The U.K.’s competition watchdog has raised serious concerns about Nvidia’s proposed takeover of chip designer, ARM.
Its assessment was published today by the government, which will now need to decide whether to ask the Competition and Markets Authority (CMA) to carry out an in-depth probe into the proposed acquisition.
In the executive summary of the CMA’s report for the government the watchdog sets out concerns that if the deal were to go ahead the merged business would have the ability and incentive to harm the competitiveness of Nvidia’s rivals by restricting access to ARM’s IP which is used by companies that produce semiconductor chips and related products, in competition with Nvidia.
The CMA is worried that the loss of competition could stifle innovation across a number of markets — including data centres, gaming, the “internet of things”, and self-driving cars, with the resulting risk of more expensive or lower-quality products for businesses and consumers.
A behavioral remedy offered by Nvidia was rejected by the CMA — which has recommended moving to an in-depth “Phase 2” investigation of the proposed merger on competition grounds.
Commenting in a statement, CEO Andrea Coscelli said: “We’re concerned that Nvidia controlling Arm could create real problems for NVIDIA’s rivals by limiting their access to key technologies, and ultimately stifling innovation across a number of important and growing markets. This could end up with consumers missing out on new products, or prices going up.
“The chip technology industry is worth billions and is vital to products that businesses and consumers rely on every day. This includes the critical data processing and datacentre technology that supports digital businesses across the economy, and the future development of artificial intelligence technologies that will be important to growth industries like robotics and self-driving cars.”
Nvidia has been contacted for comment. Update: The company has now sent this statement:
We look forward to the opportunity to address the CMA’s initial views and resolve any concerns the Government may have. We remain confident that this transaction will be beneficial to Arm, its licensees, competition, and the UK.
In a statement on its website, the Department for Digital, Media, Culture and Sport said the U.K.’s digital secretary is now “considering the relevant information contained in the full report” and will make a decision on whether to ask the CMA to conduct a ‘Phase Two’ investigation “in due course”.
“There is no set period in which this decision must be made, but it must take into account the need to make a decision as soon as reasonably practicable to reduce uncertainty,” it added.
The proposed merger has faced considerable domestic opposition with opponents including one of the co-founders of ARM calling for it to be blocked.
Three months ago, Mastercard invested $100 million in Airtel Mobile Commerce BV (AMC BV) — the mobile money business of telecom Airtel Africa. This was two weeks after it also received $200 million from TPG’s Rise Fund.
Today, the African telecoms operator has announced that it has secured another investment for its mobile money arm. The investor? Qatar Holding LLC, an affiliate of the Qatar Investment Authority (QIA), the sovereign wealth fund of the State of Qatar with over $300 billion in assets. The Middle Eastern corporation is set to invest $200 million into AMC BV through a secondary purchase of shares from Airtel Africa.
AMC BV is an Airtel Africa subsidiary and the holding company for several of Airtel Africa’s mobile money operations across 14 African countries, including Kenya, Uganda and Nigeria. The mobile money arm operates one of the largest financial services on the continent. It provides users access to mobile wallets, support for international money transfers, loans and virtual credit cards.
According to a statement released by the telecoms operator, the proceeds of the investment will be used to reduce debt and invest in network and sales infrastructure in the respective operating countries. The deal will close in two tranches — $150 million invested at the first close, most likely in August. The remaining $50 million will be invested at second close.
Airtel Africa claims QIA will hold a minority stake while it continues to hold the majority stake. This transaction still values Airtel Africa at $2.65 billion on a cash and debt-free basis like other deals. However, what’s different this time is that QIA is entitled to appoint a director to AMC BV’s board and “to certain customary information and minority protection rights.”
Airtel Africa’s most recent report for Q1 2021 shows signs of growth. The telecoms operator saw a year on year revenue growth of 53.7%, pushed by a 24.6% growth in customer base to 23.1 million. Transaction value went up 64.4% to $14.7 billion ($59 billion annualised); and EBITDA stood at $60 million ($240 million annualised) at a margin of 48.8%. The company also generated $124 million in revenue ($496 million annualised), while its profits before tax year-on-year for Q1 2021 stood at $185 million.
Mansoor bin Ebrahim Al-Mahmoud, CEO of QIA, said the sovereign’s wealth fund investment in Airtel Africa would help promote financial inclusion in Sub-Saharan Africa. “Airtel Money plays a critical role in facilitating economic activity, including for customers without access to traditional financial services. We firmly believe in its mission to expand these efforts over the coming years,” he added.
In February, Airtel Africa first made it known that it wanted to sell a minority stake in AMC BV to raise cash and sell off some assets. The subsequent month, it sold off telecommunication towers in Madagascar and Malawi to Helios Towers for $119 million and raised $500 million from outside investors.
The UK’s competition watchdog, the CMA, has opened another investigation into Big Tech — this one targeted at Amazon and Google over how they handle (or, well, don’t) fake reviews.
The Competition and Markets Authority has taken an interest in online reviews for several years, as far back as 2015.
It also went after eBay and Facebook back in 2019 to try to squeeze the trade in fake reviews it found thriving on their marketplaces. After continuing to pressure those platforms the watchdog was given pledges they’d do more. Albeit, in the case of Facebook, it took until April 2021 for it to take down 16,000 groups that had been trading fake reviews — and the CMA expressed disappointment that it had taken Facebook over a year to take meaningful action.
Now the CMA has Amazon and Google in its sites, both of which control platforms hosting user reviews — saying it will be gathering evidence to determine whether they may have broken UK law by taking insufficient action to protect shoppers from fake reviews.
Businesses that mislead consumers or don’t take action to prevent consumers being misled may be in breach of UK laws intended to protect consumers from unfair trading.
The CMA says its investigation into Amazon and Google follows an initial probe, which it started in May 2020, which was focused on assessing several platforms’ internal systems and processes for identifying and dealing with fake reviews.
That work raised specific concerns about whether the two tech giants have been doing enough to:
The regulator also said it’s concerned that Amazon’s systems have been “failing adequately to prevent and deter some sellers from manipulating product listings” — such as, for example, by co-opting positive reviews from other products.
And, well, who hasn’t been browsing product reviews on Amazon, only to be drawn up short by a reviewer earnestly referring to product attributes that clearly bear no relation to the sale item in question?
While the user reviews that pop up on, for example, Google Maps after a search for a local business can also display unusual patterns of 5-starring (or 1-starring) behaviour.
Commenting on its investigation into concerns that Amazon and Google are not doing enough to combat the problem of fake reviews the CMA’s CEO Andrea Coscelli had this to say, in a statement:
“Our worry is that millions of online shoppers could be misled by reading fake reviews and then spending their money based on those recommendations. Equally, it’s simply not fair if some businesses can fake 5-star reviews to give their products or services the most prominence, while law-abiding businesses lose out.
“We are investigating concerns that Amazon and Google have not been doing enough to prevent or remove fake reviews to protect customers and honest businesses. It’s important that these tech platforms take responsibility and we stand ready to take action if we find that they are not doing enough.”
Amazon and Google were contacted for comment.
A Google Spokesperson sent us this statement:
“Our strict policies clearly state reviews must be based on real experiences, and when we find policy violations, we take action — from removing abusive content to disabling user accounts. We look forward to continuing our work with the CMA to share more on how our industry-leading technology and review teams work to help users find relevant and useful information on Google.”
An Amazon spokesperson also said:
“To help earn the trust of customers, we devote significant resources to preventing fake or incentivized reviews from appearing in our store. We work hard to ensure that reviews accurately reflect the experience that customers have had with a product. We will continue to assist the CMA with its enquiries and we note its confirmation that no findings have been made against our business. We are relentless in protecting our store and will take action to stop fake reviews regardless of the size or location of those who attempt this abuse.”
In a blog post earlier this month, Amazon — likely aware of the CMA’s attention on the issue — discussed the problem of bogus online reviews, claiming it “relentlessly innovates to allow only genuine product reviews in our store”; and offering up some illustrative stats (such as that, in 2020 alone, it stopped more than 200M “suspected fake reviews” before they were seen by any customers, mostly via the use of “proactive detection”).
However the blog post was also heavily on the defensive — with the ecommerce giant seeking to spread the blame for the fake reviews problem — saying, for example, that there’s an “increasing trend of bad actors attempting to solicit fake reviews outside Amazon, particularly via social media services”.
It sought to frame fake reviews as an industry-wide problem, needing a coordinated, industry-wide solution — while reserving its heaviest fire for (unnamed) “social media companies” (cough Facebook cough) — and suggesting, for example, that they are the weak link in the chain:
“We need social media companies whose services are being used to facilitate fake reviews to proactively invest in fraud and fake review controls, partner with us to stop these bad actors, and help consumers shop with confidence. It will take constant innovation and partnership across industries and law enforcement to fully protect consumers and our honest selling partners.”
Amazon’s blog post also called for coordinated assistance from consumer protection regulators “around the world” to support its existing efforts to litigate against “bad actors”, aka “those who have purchased reviews and the service providers who provided them”.
The company also told us it has won “dozens” of injunctions against providers of fake reviews across Europe — adding that it won’t shy away from taking legal action. (It noted, for example, a lawsuit it filed on June 9 with the London Commercial Court against the owners of the websites, AMZ Tigers and TesterJob — seeking a prohibitory injunction and damages.)
In light of the CMA’s investigation being opened now, Amazon’s blog post calling for regulatory assistance to support litigation against purveyors of fake reviews looks like a pre-emptive plea to the CMA to swivel its gaze back onto Facebook’s marketplace — and check back in on how the trade in fake reviews is looking over there.
We reached out to the CMA to ask whether its investigation into Amazon and Google will dig into the role that review trading groups hosted elsewhere, such as on social media platforms, may play in exacerbating the issue and will update this port with any response.
The CMA has been increasingly active in regulating Big Tech as it dials up attention on digital markets to prepare for planned UK reforms to competition law that look set to usher in an ex ante regime for dealing with competition-denting platform power.
The watchdog has a number of other open investigations into Big Tech — including into Google’s planned deprecation of tracking cookies. It also recently initiated a market study into Apple and Google’s dominance of the mobile ecosystem.
Given the watchdog’s focus on major platforms — as well as its long standing interest in fake reviews — it’s interesting to speculate whether iOS maker Apple may not face some UK scrutiny on this issue.
Concerns have also been raised over fake ratings and reviews on its App Store.
Earlier this year, for example, iOS app developer, Kosta Eleftheriou, filed suit against Apple — alleging it enticed developers to build apps by claiming the App Store is a safe and trustworthy place but that it doesn’t protect legitimate developers against scammers profiting from their hard work.
The CMA already has an open investigation into Apple’s App Store. So it will be paying close attention to aspects of the store, saying back in March that it would be investigating whether Apple imposes unfair or anti-competitive terms on developers — which then ultimately result in users having less choice or paying higher prices for apps and add-ons.
For now, though, the watchdog’s attention toward the fake reviews issue has been publicly focused elsewhere.
Update: Google has now confirmed the delay, writing in a blog post that its engagement with UK regulators over the so-called “Privacy Sandbox” means support for tracking cookies won’t start being phased out in Chrome until the second half of 2023.
Our original report follows below…
Adtech giant Google appears to be leaning toward postponing a long planned depreciation of third party tracking cookies.
The plan dates back to 2019 when it announced the long-term initiative that will make it harder for online marketers and advertisers to track web users, including by depreciating third party cookies in Chrome.
Then in January 2020 it said it would make the switch within two years. Which would mean by 2022.
Google confirmed to TechCrunch that it has a Privacy Sandbox announcement incoming today — set for 4pm BST/5pm CET — after we contacted it to ask for confirmation of information we’d heard, via our own sources.
We’ve been told Google’s new official timeline for implementation will be 2023.
However a spokesman for the tech giant danced around providing a direct confirmation — saying that “an update” is incoming shortly.
“We do have an announcement today that will shed some light on Privacy Sandbox updates,” the spokesman also told us.
He had responded to our initial email — which had asked Google to confirm that it will postpone the implementation of Privacy Sandbox to 2023; and for any statement on the delay — with an affirmation (“yep”) so, well, a delay looks likely. But we’ll see how exactly Google will spin that in a few minutes when it publishes the incoming Privacy Sandbox announcement.
Google has previously said it would depreciate support for third party cookies by 2022 — which naturally implies that the wider Privacy Sandbox stack of related adtech would also need to be in place by then.
Earlier this year it slightly hedged the 2022 timeline, saying in January that any changes would not be made before 2022.
The issue for Google is that regulatory scrutiny of its plan has stepped up — following antitrust complaints from the adtech industry which faces huge changes to how it can track and target Internet users.
In Europe, the UK’s Competition and Markets Authority has been working with the UK’s Information Commissioner’s Office to understand the competition and privacy implications of Google’s planned move. And, earlier this month, the CMA issued a notification of intention to accept proposed commitments from Google that would enable the regulator to block any depreciation of cookies if it’s not happy it can be done in a way that’s good for competition and privacy.
At the time we asked Google how the CMA’s involvement might impact the Privacy Sandbox timeline but the company declined to comment.
Increased regulatory oversight of Big Tech will have plenty of ramifications — most obviously it means the end of any chance for giants like Google to ‘move fast and break things’.
EU antitrust authorities are finally taking a broad and deep look into Google’s adtech stack and role in the online ad market — confirming today that they’ve opened a formal investigation.
Google has already been subject to three major EU antitrust enforcements over the past five years — against Google Shopping (2017), Android (2018) and AdSense (2019). But the European Commission has, until now, avoided officially wading into the broader issue of its role in the adtech supply chain. (The AdSense investigation focused on Google’s search ad brokering business, though Google claims the latest probe represents that next stage of that 2019 enquiry, rather than stemming from a new complaint).
The Commission said that the new Google antitrust investigation will assess whether it has violated EU competition rules by “favouring its own online display advertising technology services in the so called ‘ad tech’ supply chain, to the detriment of competing providers of advertising technology services, advertisers and online publishers”.
Display advertising spending in the EU in 2019 was estimated to be approximately €20BN, per the Commission.
“The formal investigation will notably examine whether Google is distorting competition by restricting access by third parties to user data for advertising purposes on websites and apps, while reserving such data for its own use,” it added in a press release.
Earlier this month, France’s competition watchdog fined Google $268M in a case related to self-preferencing within the adtech market — which the watchdog found constituted an abuse by Google of a dominant position for ad servers for website publishers and mobile apps.
In that instance Google sought a settlement — proposing a number of binding interoperability agreements which the watchdog accepted. So it remains to be seen whether the tech giant may seek to push for a similar outcome at the EU level.
There is one cautionary signal in that respect in the Commission’s press release which makes a point of flagging up EU data protection rules — and highlighting the need to take into account the protection of “user privacy”.
That’s an interesting side-note for the EU’s antitrust division to include, given some of the criticism that France’s Google adtech settlement has attracted — for risking cementing abusive user exploitation (in the form of adtech privacy violations) into the sought for online advertising market rebalancing.
Or as Cory Doctorow neatly explains it in this Twitter thread: “The last thing we want is competition in practices that harm the public.”
Aka, unless competition authorities wise up to the data abuses being perpetuated by dominant tech platforms — such as through enlightened competition authorities engaging in close joint-working with privacy regulators (in the EU this is, at least, possible since there’s regulation in both areas) — there’s a very real risk that antitrust enforcement against Big (ad)Tech could simply supercharge the user-hostile privacy abuses that surveillance giants have only been able to get away with because of their market muscle.
So, tl;dr, ill-thought through antitrust enforcement actually risks further eroding web users’ rights… and that would indeed be a terrible outcome. (Unless you’re Google; then it would represent successfully playing one regulator off against another at the expense of users.)
The last thing we want is competition in practices that harm the public – we don't want companies to see who can commit the most extensive human rights abuses at the lowest costs. That's not something we want to render more efficient.https://t.co/qDPr6OtP90
— Cory Doctorow (@doctorow) June 8, 2021
The need for competition and privacy regulators to work together to purge Big Tech market abuses has become an active debate in Europe — where a few pioneering regulators (like German’s FCO) are ahead of the pack.
The UK’s Competition and Markets Authority (CMA) and Information Commissioner’s Office (ICO) also recently put out a joint statement — laying out their conviction that antitrust and data protection regulators must work together to foster a thriving digital economy that’s healthy across all dimensions — i.e. for competitors, yes, but also for consumers.
A recent CMA proposed settlement related to Google’s planned replacement for tracking cookies — aka ‘Privacy Sandbox’, which has also been the target of antitrust complaints by publishers — was notable in baking in privacy commitments and data protection oversight by the ICO in addition to the CMA carrying out its competition enforcement role.
It’s fair to say that the European Commission has lagged behind such pioneers in appreciating the need for synergistic regulatory joint-working, with the EU’s antitrust chief roundly ignoring — for example — calls to block Google’s acquisition of Fitbit over the data advantage it would entrench, in favor of accepting a few ‘concessions’ to waive the deal through.
So it’s interesting to see the EU’s antitrust division here and now — at the very least — virtue signalling an awareness of the problem of regional regulators approaching competition and privacy as if they exist in firewalled silos.
Whether this augurs the kind of enlightened regulatory joint working — to achieve holistically healthy and dynamic digital markets — which will certainly be essential if the EU is to effectively grapple with surveillance capitalism very much remains to be seen. But we can at least say that the inclusion of the below statement in an EU antitrust division press release represents a change of tone (and that, in itself, looks like a step forward…):
“Competition law and data protection laws must work hand in hand to ensure that display advertising markets operate on a level playing field in which all market participants protect user privacy in the same manner.”
Returning to the specifics of the EU’s Google adtech probe, the Commission says it will be particularly examining:
Commenting on the investigation in a statement, Commission EVP and competition chief, Margrethe Vestager, added:
“Online advertising services are at the heart of how Google and publishers monetise their online services. Google collects data to be used for targeted advertising purposes, it sells advertising space and also acts as an online advertising intermediary. So Google is present at almost all levels of the supply chain for online display advertising. We are concerned that Google has made it harder for rival online advertising services to compete in the so-called ad tech stack. A level playing field is of the essence for everyone in the supply chain. Fair competition is important — both for advertisers to reach consumers on publishers’ sites and for publishers to sell their space to advertisers, to generate revenues and funding for content. We will also be looking at Google’s policies on user tracking to make sure they are in line with fair competition.”
Contacted for comment on the Commission investigation, a Google spokesperson sent us this statement:
“Thousands of European businesses use our advertising products to reach new customers and fund their websites every single day. They choose them because they’re competitive and effective. We will continue to engage constructively with the European Commission to answer their questions and demonstrate the benefits of our products to European businesses and consumers.”
Google also claimed that publishers keep around 70% of the revenue when using its products — saying in some instances it can be more.
It also suggested that publishers and advertisers often use multiple technologies simultaneously, further claiming that it builds its own technologies to be interoperable with more than 700 rival platforms for advertisers and 80 rival platforms for publishers.
The need for markets-focused competition watchdogs and consumer-centric privacy regulators to think outside their respective ‘legal silos’ and find creative ways to work together to tackle the challenge of big tech market power was the impetus for a couple of fascinating panel discussions organized by the Centre for Economic Policy Research (CEPR), which were livestreamed yesterday but are available to view on-demand here.
The conversations brought together key regulatory leaders from Europe and the US — giving a glimpse of what the future shape of digital markets oversight might look like at a time when fresh blood has just been injected to chair the FTC so regulatory change is very much in the air (at least around tech antitrust).
CEPR’s discussion premise is that integration, not merely intersection, of competition and privacy/data protection law is needed to get a proper handle on platform giants that have, in many cases, leveraged their market power to force consumers to accept an abusive ‘fee’ of ongoing surveillance.
That fee both strips consumers of their privacy and helps tech giants perpetuate market dominance by locking out interesting new competition (which can’t get the same access to people’s data so operates at a baked in disadvantage).
A running theme in Europe for a number of years now, since a 2018 flagship update to the bloc’s data protection framework (GDPR), has been the ongoing under-enforcement around the EU’s ‘on-paper’ privacy rights — which, in certain markets, means regional competition authorities are now actively grappling with exactly how and where the issue of ‘data abuse’ fits into their antitrust legal frameworks.
The regulators assembled for CEPR’s discussion included, from the UK, the Competition and Markets Authority’s CEO Andrea Coscelli and the information commissioner, Elizabeth Denham; from Germany, the FCO’s Andreas Mundt; from France, Henri Piffaut, VP of the French competition authority; and from the EU, the European Data Protection Supervisor himself, Wojciech Wiewiórowski, who advises the EU’s executive body on data protection legislation (and is the watchdog for EU institutions’ own data use).
The UK’s CMA now sits outside the EU, of course — giving the national authority a higher profile role in global mergers & acquisition decisions (vs pre-brexit), and the chance to help shape key standards in the digital sphere via the investigations and procedures it chooses to pursue (and it has been moving very quickly on that front).
The CMA has a number of major antitrust probes open into tech giants — including looking into complaints against Apple’s App Store and others targeting Google’s plan to depreciate support for third party tracking cookies (aka the so-called ‘Privacy Sandbox’) — the latter being an investigation where the CMA has actively engaged the UK’s privacy watchdog (the ICO) to work with it.
Only last week the competition watchdog said it was minded to accept a set of legally binding commitments that Google has offered which could see a quasi ‘co-design’ process taking place, between the CMA, the ICO and Google, over the shape of the key technology infrastructure that ultimately replaces tracking cookies. So a pretty major development.
Germany’s FCO has also been very active against big tech this year — making full use of an update to the national competition law which gives it the power to take proactive inventions around large digital platforms with major competitive significance — with open procedures now against Amazon, Facebook and Google.
The Bundeskartellamt was already a pioneer in pushing to loop EU data protection rules into competition enforcement in digital markets in a strategic case against Facebook, as we’ve reported before. That closely watched (and long running) case — which targets Facebook’s ‘superprofiling’ of users, based on its ability to combine user data from multiple sources to flesh out a single high dimension per-user profile — is now headed to Europe’s top court (so likely has more years to run).
But during yesterday’s discussion Mundt confirmed that the FCO’s experience litigating that case helped shape key amendments to the national law that’s given him beefier powers to tackle big tech. (And he suggested it’ll be a lot easier to regulate tech giants going forward, using these new national powers.)
“Once we have designated a company to be of ‘paramount significance’ we can prohibit certain conduct much more easily than we could in the past,” he said. “We can prohibit, for example, that a company impedes other undertaking by data processing that is relevant for competition. We can prohibit that a use of service depends on the agreement to data collection with no choice — this is the Facebook case, indeed… When this law was negotiated in parliament parliament very much referred to the Facebook case and in a certain sense this entwinement of competition law and data protection law is written in a theory of harm in the German competition law.
“This makes a lot of sense. If we talk about dominance and if we assess that this dominance has come into place because of data collection and data possession and data processing you need a parameter in how far a company is allowed to gather the data to process it.”
“The past is also the future because this Facebook case… has always been a big case. And now it is up to the European Court of Justice to say something on that,” he added. “If everything works well we might get a very clear ruling saying… as far as the ECN [European Competition Network] is concerned how far we can integrate GDPR in assessing competition matters.
“So Facebook has always been a big case — it might get even bigger in a certain sense.”
France’s competition authority and its national privacy regulator (the CNIL), meanwhile, have also been joint working in recent years.
Including over a competition complaint against Apple’s pro-user privacy App Tracking Transparency feature (which last month the antitrust watchdog declined to block) — so there’s evidence there too of respective oversight bodies seeking to bridge legal silos in order to crack the code of how to effectively regulate tech giants whose market power, panellists agreed, is predicated on earlier failures of competition law enforcement that allowed tech platforms to buy up rivals and sew up access to user data, entrenching advantage at the expense of user privacy and locking out the possibility of future competitive challenge.
The contention is that monopoly power predicated upon data access also locks consumers into an abusive relationship with platform giants which can then, in the case of ad giants like Google and Facebook, extract huge costs (paid not in monetary fees but in user privacy) for continued access to services that have also become digital staples — amping up the ‘winner takes all’ characteristic seen in digital markets (which is obviously bad for competition too).
Yet, traditionally at least, Europe’s competition authorities and data protection regulators have been focused on separate workstreams.
The consensus from the CEPR panels was very much that that is both changing and must change if civil society is to get a grip on digital markets — and wrest control back from tech giants to that ensure consumers and competitors aren’t both left trampled into the dust by data-mining giants.
Denham said her motivation to dial up collaboration with other digital regulators was the UK government entertaining the idea of creating a one-stop-shop ‘Internet’ super regulator. “What scared the hell out of me was the policymakers the legislators floating the idea of one regulator for the Internet. I mean what does that mean?” she said. “So I think what the regulators did is we got to work, we got busy, we become creative, got our of our silos to try to tackle these companies — the likes of which we have never seen before.
“And I really think what we have done in the UK — and I’m excited if others think it will work in their jurisdictions — but I think that what really pushed us is that we needed to show policymakers and the public that we had our act together. I think consumers and citizens don’t really care if the solution they’re looking for comes from the CMA, the ICO, Ofcom… they just want somebody to have their back when it comes to protection of privacy and protection of markets.
“We’re trying to use our regulatory levers in the most creative way possible to make the digital markets work and protect fundamental rights.”
During the earlier panel, the CMA’s Simeon Thornton, a director at the authority, made some interesting remarks vis-a-vis its (ongoing) Google ‘Privacy Sandbox’ investigation — and the joint working it’s doing with the ICO on that case — asserting that “data protection and respecting users’ rights to privacy are very much at the heart of the commitments upon which we are currently consulting”.
“If we accept the commitments Google will be required to develop the proposals according to a number of criteria including impacts on privacy outcomes and compliance with data protection principles, and impacts on user experience and user control over the use of their personal data — alongside the overriding objective of the commitments which is to address our competition concerns,” he went on, adding: “We have worked closely with the ICO in seeking to understand the proposals and if we do accept the commitments then we will continue to work closely with the ICO in influencing the future development of those proposals.”
“If we accept the commitments that’s not the end of the CMA’s work — on the contrary that’s when, in many respects, the real work begins. Under the commitments the CMA will be closely involved in the development, implementation and monitoring of the proposals, including through the design of trials for example. It’s a substantial investment from the CMA and we will be dedicating the right people — including data scientists, for example, to the job,” he added. “The commitments ensure that Google addresses any concerns that the CMA has. And if outstanding concerns cannot be resolved with Google they explicitly provide for the CMA to reopen the case and — if necessary — impose any interim measures necessary to avoid harm to competition.
“So there’s no doubt this is a big undertaking. And it’s going to be challenging for the CMA, I’m sure of that. But personally I think this is the sort of approach that is required if we are really to tackle the sort of concerns we’re seeing in digital markets today.”
Thornton also said: “I think as regulators we do need to step up. We need to get involved before the harm materializes — rather than waiting after the event to stop it from materializing, rather than waiting until that harm is irrevocable… I think it’s a big move and it’s a challenging one but personally I think it’s a sign of the future direction of travel in a number of these sorts of cases.”
Also speaking during the regulatory panel session was FTC commissioner Rebecca Slaughter — a dissenter on the $5BN fine it hit Facebook with back in 2019 for violating an earlier consent order (as she argued the settlement provided no deterrent to address underlying privacy abuse, leaving Facebook free to continue exploiting users’ data) — as well as Chris D’Angelo, the chief deputy AG of the New York Attorney General, which is leading a major states antitrust case against Facebook.
Slaughter pointed out that the FTC already combines a consumer focus with attention on competition but said that historically there has been separation of divisions and investigations — and she agreed on the need for more joined-up working.
She also advocated for US regulators to get out of a pattern of ineffective enforcement in digital markets on issues like privacy and competition where companies have, historically, been given — at best — what amounts to wrist slaps that don’t address root causes of market abuse, perpetuating both consumer abuse and market failure. And be prepared to litigate more.
As regulators toughen up their stipulations they will need to be prepared for tech giants to push back — and therefore be prepared to sue instead of accepting a weak settlement.
“That is what is most galling to me that even where we take action, in our best faith good public servants working hard to take action, we keep coming back to the same questions, again and again,” she said. “Which means that the actions we are taking isn’t working. We need different action to keep us from having the same conversation again and again.”
Slaughter also argued that it’s important for regulators not to pile all the burden of avoiding data abuses on consumers themselves.
“I want to sound a note of caution around approaches that are centered around user control,” she said. “I think transparency and control are important. I think it is really problematic to put the burden on consumers to work through the markets and the use of data, figure out who has their data, how it’s being used, make decisions… I think you end up with notice fatigue; I think you end up with decision fatigue; you get very abusive manipulation of dark patterns to push people into decisions.
“So I really worry about a framework that is built at all around the idea of control as the central tenant or the way we solve the problem. I’ll keep coming back to the notion of what instead we need to be focusing on is where is the burden on the firms to limit their collection in the first instance, prohibit their sharing, prohibit abusive use of data and I think that that’s where we need to be focused from a policy perspective.
“I think there will be ongoing debates about privacy legislation in the US and while I’m actually a very strong advocate for a better federal framework with more tools that facilitate aggressive enforcement but I think if we had done it ten years ago we probably would have ended up with a notice and consent privacy law and I think that that would have not been a great outcome for consumers at the end of the day. So I think the debate and discussion has evolved in an important way. I also think we don’t have to wait for Congress to act.”
As regards more radical solutions to the problem of market-denting tech giants — such as breaking up sprawling and (self-servingly) interlocking services empires — the message from Europe’s most ‘digitally switched on’ regulators seemed to be don’t look to us for that; we are going to have to stay in our lanes.
So tl;dr — if antitrust and privacy regulators’ joint working just sums to more intelligent fiddling round the edges of digital market failure, and it’s break-ups of US tech giants that’s what’s really needed to reboot digital markets, then it’s going to be up to US agencies to wield the hammers. (Or, as Coscelli elegantly phrased it: “It’s probably more realistic for the US agencies to be in the lead in terms of structural separation if and when it’s appropriate — rather than an agency like ours [working from inside a mid-sized economy such as the UK’s].”)
The lack of any representative from the European Commission on the panel was an interesting omission in that regard — perhaps hinting at ongoing ‘structural separation’ between DG Comp and DG Justice where digital policymaking streams are concerned.
The current competition chief, Margrethe Vestager — who also heads up digital strategy for the bloc, as an EVP — has repeatedly expressed reluctance to impose radical ‘break up’ remedies on tech giants. She also recently preferred to waive through another Google digital merger (its acquisition of fitness wearable Fitbit) — agreeing to accept a number of ‘concessions’ and ignoring major mobilization by civil society (and indeed EU data protection agencies) urging her to block it.
Yet in an earlier CEPR discussion session, another panellist — Yale University’s Dina Srinivasan — pointed to the challenges of trying to regulate the behavior of companies when there are clear conflicts of interest, unless and until you impose structural separation as she said has been necessary in other markets (like financial services).
“In advertising we have an electronically traded market with exchanges and we have brokers on both sides. In a competitive market — when competition was working — you saw that those brokers were acting in the best interest of buyers and sellers. And as part of carrying out that function they were sort of protecting the data that belonged to buyers and sellers in that market, and not playing with the data in other ways — not trading on it, not doing conduct similar to insider trading or even front running,” she said, giving an example of how that changed as Google gained market power.
“So Google acquired DoubleClick, made promises to continue operating in that manner, the promises were not binding and on the record — the enforcement agencies or the agencies that cleared the merger didn’t make Google promise that they would abide by that moving forward and so as Google gained market power in that market there’s no regulatory requirement to continue to act in the best interests of your clients, so now it becomes a market power issue, and after they gain enough market power they can flip data ownership and say ‘okay, you know what before you owned this data and we weren’t allowed to do anything with it but now we’re going to use that data to for example sell our own advertising on exchanges’.
“But what we know from other markets — and from financial markets — is when you flip data ownership and you engage in conduct like that that allows the firm to now build market power in yet another market.”
The CMA’s Coscelli picked up on Srinivasan’s point — saying it was a “powerful” one, and that the challenges of policing “very complicated” situations involving conflicts of interests is something that regulators with merger control powers should be bearing in mind as they consider whether or not to green light tech acquisitions.
(Just one example of a merger in the digital space that the CMA is still scrutizing is Facebook’s acquisition of animated GIF platform Giphy. And it’s interesting to speculate whether, had brexit happened a little faster, the CMA might have stepped in to block Google’s Fitibit merger where the EU wouldn’t.)
Coscelli also flagged the issue of regulatory under-enforcement in digital markets as a key one, saying: “One of the reasons we are today where we are is partially historic under-enforcement by competition authorities on merger control — and that’s a theme that is extremely interesting and relevant to us because after the exit from the EU we now have a bigger role in merger control on global mergers. So it’s very important to us that we take the right decisions going forward.”
“Quite often we intervene in areas where there is under-enforcement by regulators in specific areas… If you think about it when you design systems where you have vertical regulators in specific sectors and horizontal regulators like us or the ICO we are more successful if the vertical regulators do their job and I’m sure they are more success if we do our job properly.
“I think we systematically underestimate… the ability of companies to work through whatever behavior or commitments or arrangement are offered to us, so I think these are very important points,” he added, signalling that a higher degree of attention is likely to be applied to tech mergers in Europe as a result of the CMA stepping out from the EU’s competition regulation umbrella.
Also speaking during the same panel, the EDPS warned that across Europe more broadly — i.e. beyond the small but engaged gathering of regulators brought together by CEPR — data protection and competition regulators are far from where they need to be on joint working, implying that the challenge of effectively regulating big tech across the EU is still a pretty Sisyphean one.
It’s true that the Commission is not sitting on hands in the face of tech giant market power.
At the end of last year it proposed a regime of ex ante regulations for so-called ‘gatekeeper’ platforms, under the Digital Markets Act. But the problem of how to effectively enforce pan-EU laws — when the various agencies involved in oversight are typically decentralized across Member States — is one key complication for the bloc. (The Commission’s answer with the DMA was to suggest putting itself in charge of overseeing gatekeepers but it remains to be seen what enforcement structure EU institutions will agree on.)
Clearly, the need for careful and coordinated joint working across multiple agencies with different legal competencies — if, indeed, that’s really what’s needed to properly address captured digital markets vs structural separation of Google’s search and adtech, for example, and Facebook’s various social products — steps up the EU’s regulatory challenge in digital markets.
“We can say that no effective competition nor protection of the rights in the digital economy can be ensured when the different regulators do not talk to each other and understand each other,” Wiewiórowski warned. “While we are still thinking about the cooperation it looks a little bit like everybody is afraid they will have to trade a little bit of its own possibility to assess.”
“If you think about the classical regulators isn’t it true that at some point we are reaching this border where we know how to work, we know how to behave, we need a little bit of help and a little bit of understanding of the other regulator’s work… What is interesting for me is there is — at the same time — the discussion about splitting of the task of the American regulators joining the ones on the European side. But even the statements of some of the commissioners in the European Union saying about the bigger role the Commission will play in the data protection and solving the enforcement problems of the GDPR show there is no clear understanding what are the differences between these fields.”
One thing is clear: Big tech’s dominance of digital markets won’t be unpicked overnight. But, on both sides of the Atlantic, there are now a bunch of theories on how to do it — and growing appetite to wade in.